Oracle 9iAS Globals.jsa Access Network Vulnerability

Summary

In the default configuration of Oracle9iAS, it is possible to make requests for the globals.jsa file for a given web application. These files should not be returned by the server as they often contain sensitive information.

Solution

Edit httpd.conf to disallow access to *.jsa.

References

http://www.nextgenss.com/advisories/orajsa.txt
http://www.oracle.com

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-0562

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
Apache Tomcat DOS Device Name XSS
Apache Struts Cross Site Scripting Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS

Oracle 9iAS Globals.jsa access

Take action and discover your vulnerabilities